834592d6a00e10e39d05d1e011ec7c06b90096133539cf68ba8128d34c49ba50

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 17:21

Target

a45b34a0c694d93c6096e117c872edfa.dll
Size

22KB
MD5

a45b34a0c694d93c6096e117c872edfa
SHA1

a7eaa0387d94a521e310aa2871f2d77dd164284d
SHA256

834592d6a00e10e39d05d1e011ec7c06b90096133539cf68ba8128d34c49ba50
SHA512

62f9b9ccd354b1ee6e8239c8b2bd9c69aa8914b617e6582d5e05cf8bc2e1aed47ad420e9ac87effceb918b99eb44567249131dec36a16b8c53d539b326353e1c
SSDEEP

384:OV2vD0nf7jm9wEzIxTAFqyxgxZLA779MgtKKDjsWKvcn2U3NvPBFih/GJ:62Qf7Ww/Kq9xZ0779VfsncnZFih/GJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 2292	3644	rundll32.exe	85
PID 3644 wrote to memory of 2292	3644	rundll32.exe	85
PID 3644 wrote to memory of 2292	3644	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a45b34a0c694d93c6096e117c872edfa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a45b34a0c694d93c6096e117c872edfa.dll,#1
  2⤵
  PID:2292

memory/2292-0-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/2292-1-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/2292-2-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download